info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته سوم اردیبهشت‌ماه

 

این هفته در محصولات بسیار مهم Cisco  چندین آسیب‌پذیری با سطح خطر «حیاتی» و «بالا» شناسایی شده است. همچنین محصولات پرکاربرد شرکت‌های Apache ، Citrix، Zoom و IBM نیز چندین آسیب‌پذیری حیاتی داشتند. کرنل لینوکس و  SuSE Linux نیز آسیب‌پذیری‌هایی با سطح خطر «بالا» داشتند. 

رفع آسیب‌پذیری

نوع آسیب‌پذیری

محصول آسیب‌پذیر

شناسه آسیب‌پذیری

Not Defined

Memory Corruption

AccuSoft ImageGear ICO File igcore19d.dll

CVE-2020-6076

Not Defined

Memory Corruption

AccuSoft ImageGear igcore19d.dll fillinraster

CVE-2020-6094

Not Defined

Memory Corruption

AccuSoft ImageGear igcore19d.dll ico_read

CVE-2020-6082

Not Defined

Memory Corruption

AccuSoft ImageGear igcore19d.dll store_data_buffer

CVE-2020-6075

Not Defined

XSS

Advanced Order Export Plugin settings-form.php

CVE-2020-11727

Not Defined

Weak Authentication

Amazon EC2 Plugin Certificate Man-in-the-Middle

CVE-2020-2187

Not Defined

CSRF

Amazon EC2 Plugin

CVE-2020-2186

Not Defined

Information Disclosure

Amazon EC2 Plugin Permission Check

CVE-2020-2188

Not Defined

Weak Authentication

Amazon EC2 Plugin SSH Host Key Validator Man-in-the-Middle

CVE-2020-2185

Not Defined

XSS

Apache Syncope EndUser UI Login Page

CVE-2019-17557

Official Fix

Remote Code Execution

Apache Syncope Template

CVE-2020-1961

Official Fix

Remote Code Execution

Apache Syncope Template

CVE-2020-1959

Official Fix

DoS

ATTO FibreBridge 7500N

CVE-2018-5493

Official Fix

Privilege Escalation

Avira Software Updater Hard Link

CVE-2020-12463

Not Defined

XSS

Ayision Ays-WR01 Setting Stored

CVE-2019-19514

Not Defined

XSS

Ayision Ays-WR01 Wireless Setting Stored

CVE-2019-19515

Not Defined

Information Disclosure

Blaauw Remote Kiln Control db.inc

CVE-2019-18868

Not Defined

Code Execution

Blaauw Remote Kiln Control Debug

CVE-2019-18869

Not Defined

Directory Traversal

Blaauw Remote Kiln Control debug.php

CVE-2019-18871

Not Defined

Information Disclosure

Blaauw Remote Kiln Control Error Message Username

CVE-2019-18865

Not Defined

Directory Traversal

Blaauw Remote Kiln Control excel.php

CVE-2019-18870

Not Defined

Information Disclosure

Blaauw Remote Kiln Control

CVE-2019-18867

Not Defined

Weak Authentication

Blaauw Remote Kiln Control Password Requirements

CVE-2019-18872

Not Defined

Information Disclosure

Blaauw Remote Kiln Control server-info

CVE-2019-18864

Not Defined

SQL Injection

Blaauw Remote Kiln Control

CVE-2019-18866

Not Defined

Weak Authentication

Calibre-Web Default Key

CVE-2020-12627

Not Defined

Privilege Escalation

chrome-launcher

CVE-2020-7645

Official Fix

Spoofing

Cisco ASA Key Distribution Center spoofing

CVE-2020-3125

Official Fix

DoS

Cisco ASA/Firepower Threat Defense Border Gateway Protocol

CVE-2020-3305

Official Fix

DoS

Cisco ASA/Firepower Threat Defense DHCP Module

CVE-2020-3306

Official Fix

DoS

Cisco ASA/Firepower Threat Defense DNS over IPv6 Packet Processor

CVE-2020-3191

Official Fix

DoS

Cisco ASA/Firepower Threat Defense IKEv1

CVE-2020-3303

Official Fix

DoS

Cisco ASA/Firepower Threat Defense Management Interface

CVE-2020-3334

Official Fix

DoS

Cisco ASA/Firepower Threat Defense MGCP Inspection Memory Exhaustion

CVE-2020-3254

Official Fix

DoS

Cisco ASA/Firepower Threat Defense OSPF

CVE-2020-3298

Official Fix

DoS

Cisco ASA/Firepower Threat Defense OSPF Memory Leak

CVE-2020-3195

Official Fix

DoS

Cisco ASA/Firepower Threat Defense SSL/TLS

CVE-2020-3196

Official Fix

Directory Traversal

Cisco ASA/Firepower Threat Defense Web Services Interface

CVE-2020-3187

Official Fix

Information Disclosure

Cisco ASA/Firepower Threat Defense Web Services Interface

CVE-2020-3259

Official Fix

Open Redirect

Cisco Content Security Management Appliance Web-based GUI

CVE-2020-3178

Official Fix

Privilege Escalation

Cisco Firepower Device Manager On-Box

CVE-2020-3309

Official Fix

DoS

Cisco Firepower Device Manager On-Box XML Parser Memory Exhaustion

CVE-2020-3310

Official Fix

Privilege Escalation

Cisco FirePOWER Management Center

CVE-2020-3301

Official Fix

Open Redirect

Cisco FirePOWER Management Center Web Interface

CVE-2020-3311

Official Fix

Privilege Escalation

Cisco FirePOWER Management Center Web UI

CVE-2020-3307

Official Fix

Privilege Escalation

Cisco FirePOWER Management Center Web UI

CVE-2020-3302

Official Fix

XSS

Cisco FirePOWER Management Center Web-based Management Interface

CVE-2020-3313

Official Fix

Privilege Escalation

Cisco FirePOWER Management Center/Firepower User Agent

CVE-2020-3318

Official Fix

DoS

Cisco Firepower Threat Defense Access Control Policy Memory Exhaustion

CVE-2020-3255

Official Fix

Information Disclosure

Cisco Firepower Threat Defense Application Policy Configuration

CVE-2020-3312

Official Fix

DoS

Cisco Firepower Threat Defense GRE Tunnel Decapsulation Crash

CVE-2020-3179

Official Fix

Privilege Escalation

Cisco Firepower Threat Defense Image Signature Verification

CVE-2020-3308

Official Fix

Privilege Escalation

Cisco Firepower Threat Defense Management Interface

CVE-2020-3186

Official Fix

DoS

Cisco Firepower Threat Defense Remote Management Interface

CVE-2020-3188

Official Fix

DoS

Cisco Firepower Threat Defense SSL/TLS Crash

CVE-2020-3283

Official Fix

Privilege Escalation

Cisco Firepower Threat Defense Support Tunnel

CVE-2020-3253

Official Fix

Privilege Escalation

Cisco Firepower Threat Defense TLS 1.‎3

CVE-2020-3285

Official Fix

DoS

Cisco Firepower Threat Defense VPN System Logging Memory Leak

CVE-2020-3189

Official Fix

Information Disclosure

Cisco Hosted Collaboration Mediation Fulfillment Web-based Management Interface XXE

CVE-2020-3256

Official Fix

DoS

Cisco Integrated Management Controller Supervisor RBAC

CVE-2020-3329

Official Fix

Privilege Escalation

Cisco Product Snort Detection Engine

CVE-2020-3315

Official Fix

Privilege Escalation

Cisco Umbrella Web Server CRLF

CVE-2020-3246

Not Defined

Privilege Escalation

Citrix ShareFile StorageZones Controller

CVE-2020-7473

Not Defined

Privilege Escalation

Citrix ShareFile StorageZones

CVE-2020-8983

Not Defined

Privilege Escalation

Citrix ShareFile StorageZones

CVE-2020-8982

Not Defined

Information Disclosure

Credentials Binding Plugin Building Log

CVE-2020-2181

Not Defined

Information Disclosure

Credentials Binding Plugin

CVE-2020-2182

Not Defined

Privilege Escalation

Dell Client Platform OS Recovery Image

CVE-2020-5343

Not Defined

Privilege Escalation

Dext5 Upload ActiveX Control dext5.ocx

CVE-2019-19164

Not Defined

Remote Code Execution

Dext5.ocx ActiveX

CVE-2019-19169

Not Defined

Remote Code Execution

Dext5.ocx ActiveX

CVE-2019-19168

Official Fix

Privilege Escalation

Dolibarr ERP CRM Access Restriction get_menudiv.php

CVE-2020-12669

Not Defined

Remote Code Execution

Eaton Intelligent Power Manager Configuration File Import

CVE-2020-6651

Not Defined

Privilege Escalation

Eaton Intelligent Power Manager Configuration File

CVE-2020-6652

Official Fix

Memory Corruption

FreeRDP autodetect_recv_bandwidth_measure_results

CVE-2020-11047

Official Fix

Information Disclosure

FreeRDP Protocol Parser Out-of-Bounds

CVE-2020-11049

Official Fix

Memory Corruption

FreeRDP Session Out-of-Bounds

CVE-2020-11048

Official Fix

Information Disclosure

FreeRDP update_read_bitmap_data

CVE-2020-11045

Official Fix

DoS

FreeRDP update_read_cache_bitmap_v3_order

CVE-2020-11044

Official Fix

Memory Corruption

FreeRDP update_read_icon_info

CVE-2020-11042

Official Fix

Memory Corruption

FreeRDP update_read_synchronize

CVE-2020-11046

Not Defined

Directory Traversal

Gira TKS-IP-Gateway

CVE-2020-10794

Not Defined

Code Execution

Gira TKS-IP-Gateway Web Frontend

CVE-2020-10795

Not Defined

Information Disclosure

GitLab Enterprise Edition NuGet

CVE-2020-12448

Not Defined

XSS

GLPI Comment Stored

CVE-2020-11036

Official Fix

Information Disclosure

GLPI CSRF Token

CVE-2020-11035

Official Fix

Open Redirect

GLPI Regexp

CVE-2020-11034

Official Fix

SQL Injection

GLPI

CVE-2020-11032

Official Fix

Information Disclosure

GLPI User

CVE-2020-11033

Official Fix

Privilege Escalation

GNU Mailman mailman

CVE-2020-12108

Not Defined

Weak Encryption

Google Earth Pro khcrypt

CVE-2020-8896

Not Defined

Directory Traversal

Gurbalib help.c

CVE-2020-12649

Not Defined

Weak Encryption

HCL Nomad

CVE-2020-4092

Not Defined

Privilege Escalation

Hibernate Validator EL Expression

CVE-2020-10693

Not Defined

Privilege Escalation

IBM Business Automation Workflow

CVE-2020-4446

Not Defined

Weak Authentication

IBM Data Risk Manager Default Admin Password

CVE-2020-4429

Not Defined

Directory Traversal

IBM Data Risk Manager

CVE-2020-4430

Not Defined

Privilege Escalation

IBM Data Risk Manager

CVE-2020-4428

Not Defined

Weak Authentication

IBM Data Risk Manager SAML Authentication

CVE-2020-4427

Not Defined

XSS

IBM InfoSphere Information Server Web UI

CVE-2020-4384

Not Defined

Information Disclosure

IBM Maximo Anywhere Jailbreak Detection

CVE-2019-4266

Not Defined

Directory Traversal

IBM Spectrum Protect Plus

CVE-2020-4209

Not Defined

Spoofing

IBM WebSphere Application Liberty openidconnect 

CVE-2020-4421

Official Fix

unknown vulnerability

iframe Plugin URL

CVE-2020-12696

Not Defined

Directory Traversal

i-net Clear Reports/HelpDesk/PDFC Documentation

CVE-2020-11431

Not Defined

CSRF

Intelbras CIP 92200

CVE-2020-8829

Not Defined

CSRF

Intelbras RF1200 login.html

CVE-2019-19517

Official Fix

Weak Authentication

Java-WebSocket Certificate Validation

CVE-2020-11050

Official Fix

Directory Traversal

Juniper Junos HTTP Service

CVE-2020-1631

Official Fix

DoS

KeyCloak

CVE-2020-10686

Not Defined

Information Disclosure

LCDS LAquis SCADA

CVE-2020-10618

Not Defined

Privilege Escalation

LCDS LAquis SCADA

CVE-2020-10622

Official Fix

XSS

LeptonCMS

CVE-2020-12705

Not Defined

XSS

LeptonCMS Event save.php

CVE-2020-12707

Official Fix

Memory Corruption

Linux Kernel bfq-iosched.c bfq_idle_slice_timer_body

CVE-2020-12657

Not Defined

DoS

Linux Kernel gss_mech_switch.c gss_mech_free

CVE-2020-12656

Official Fix

Privilege Escalation

Linux Kernel mptctl.c __mptctl_ioctl

CVE-2020-12652

Official Fix

DoS

Linux Kernel Reference Counter namespace.c pivot_root

CVE-2020-12114

Official Fix

Memory Corruption

Linux Kernel scan.c mwifiex_cmd_append_vsie_tlv()‎

CVE-2020-12653

Official Fix

Memory Corruption

Linux Kernel wmm.c mwifiex_ret_wmm_get_status()‎

CVE-2020-12654

Official Fix

Memory Corruption

Linux Kernel xdp_umem.c xdp_umem_reg

CVE-2020-12659

Not Defined

unknown vulnerability

Linux Kernel XFS v5 Image xfs_alloc.c

CVE-2020-12655

Official Fix

Privilege Escalation

MongoDB Authorization Subsystem

CVE-2020-7921

Not Defined

Memory Corruption

Nginx Controller AVRD Segmentation Fault

CVE-2020-5895

Not Defined

Weak Authentication

Nginx Controller Web Server Logout

CVE-2020-5894

Official Fix

Open Redirect

OAuth2 Proxy

CVE-2020-11053

Not Defined

Privilege Escalation

OKLOK Mobile Companion App API

CVE-2020-8791

Not Defined

Weak Authentication

OKLOK Mobile Companion App Email Verification

CVE-2020-10876

Not Defined

Information Disclosure

OKLOK Mobile Companion App

CVE-2020-8792

Not Defined

Weak Authentication

OKLOK Mobile Companion App Password Requirements

CVE-2020-8790

Official Fix

Weak Authentication

OpenStack Keystone EC2 API

CVE-2020-12692

Official Fix

Privilege Escalation

OpenStack Keystone OAuth1 Access Token

CVE-2020-12690

Official Fix

Privilege Escalation

OpenStack Keystone

CVE-2020-12689

Official Fix

Spoofing

OpenStack OpenStack Keystone EC2 Credential Masquerade spoofing

CVE-2020-12691

Official Fix

DoS

OpenVPN Access Server Management Interface XXE

CVE-2020-11462

Not Defined

XSS

php-fusion downloads.php

CVE-2020-12708

Not Defined

XSS

php-fusion faq_admin.php

CVE-2020-12706

Not Defined

XSS

php-fusion Preview Comment comments.php

CVE-2020-12718

Official Fix

XSS

PHPList template.php

CVE-2020-12639

Not Defined

DoS

QEMU virtiofsd

CVE-2020-10717

Official Fix

Remote Code Execution

RoundCube Webmail Config Setting rcube_image.php

CVE-2020-12641

Official Fix

CSRF

RoundCube Webmail

CVE-2020-12626

Official Fix

Local File Inclusion

RoundCube Webmail rcube_plugin_api.php

CVE-2020-12640

Official Fix

XSS

RoundCube Webmail rcube_washtml.php

CVE-2020-12625

Official Fix

Information Disclosure

RSA Archer Cache/Log File

CVE-2020-5331

Official Fix

Command Injection

RSA Archer

CVE-2020-5332

Official Fix

CSRF

RSA Archer

CVE-2020-5335

Official Fix

XSS

RSA Archer

CVE-2020-5336

Official Fix

XSS

RSA Archer DOM-Based

CVE-2020-5334

Official Fix

Open Redirect

RSA Archer

CVE-2020-5337

Official Fix

Privilege Escalation

RSA Archer REST API

CVE-2020-5333

Not Defined

Memory Corruption

Ruby Heap-based

CVE-2020-10933

Not Defined

Server-Side Request Forgery

Ruckus Product Wireless Admin Screen login.asp

CVE-2020-8830

Not Defined

XSS

Ruckus R500 index.asp

CVE-2020-8033

Not Defined

Server-Side Request Forgery

Ruckus R500 login.asp

CVE-2020-7983

Official Fix

Code Execution

S.‎ Siedle & Soehne SG 150-0 Smart Gateway Backup

CVE-2020-9474

Official Fix

Privilege Escalation

S.‎ Siedle & Soehne SG 150-0 Smart Gateway logrotate race condition

CVE-2020-9475

Not Defined

XSS

SAE FW-50 Remote Telemetry Unit

CVE-2020-10630

Not Defined

Information Disclosure

SAE FW-50 Remote Telemetry Unit

CVE-2020-10634

Official Fix

DoS

Samba Active Directory Domain Controller

CVE-2020-10704

Official Fix

DoS

Samba AD DC LDAP Server Use-After-Free

CVE-2020-10700

Not Defined

Memory Corruption

Samsung Product Quram qmg Library Heap-based

CVE-2020-8899

Not Defined

Remote Code Execution

SCM Filter Jervis Plugin YAML Parser

CVE-2020-2189

Official Fix

Server-Side Request Forgery

service-api XML Data

CVE-2020-12642

Official Fix

Weak Authentication

Silver Peak Product Authentication Mechanism

CVE-2020-12143

Official Fix

Weak Authentication

Silver Peak Product

CVE-2020-12144

Official Fix

Information Disclosure

Silver Peak Unity ECOS/Unity Orchestrator IPSec UDP Key

CVE-2020-12142

Not Defined

Weak Authentication

SimpliSafe SS3

CVE-2020-5727

Official Fix

Information Disclosure

Sorcery Password Authentication Lockout

CVE-2020-11052

Official Fix

Privilege Escalation

Sprout Forms Template Injection

CVE-2020-11056

Not Defined

Privilege Escalation

SuSE Linux Enterprise Server 15 etc

CVE-2020-8018

Official Fix

DoS

Synology Router Manager Network Center Out-of-Bounds

CVE-2019-11823

Not Defined

CSRF

TCExam

CVE-2020-5745

Not Defined

Directory Traversal

TCExam

CVE-2020-5744

Not Defined

Privilege Escalation

TCExam Permission

CVE-2020-5743

Not Defined

XSS

TCExam Persistent

CVE-2020-5751

Not Defined

XSS

TCExam Persistent

CVE-2020-5749

Not Defined

XSS

TCExam Persistent

CVE-2020-5747

Not Defined

XSS

TCExam Persistent

CVE-2020-5746

Not Defined

XSS

TCExam Self-Registration Persistent

CVE-2020-5750

Not Defined

XSS

TCExam Self-Registration Persistent

CVE-2020-5748

Not Defined

Privilege Escalation

TeamPass REST API

CVE-2020-11671

Official Fix

Memory Corruption

TensorFlow BMP Decoder decode_bmp_op.cc DecodeBmp

CVE-2018-21233

Not Defined

Remote Code Execution

Tobesoft Nexacro Nexacro14 ActiveX Control

CVE-2019-19167

Not Defined

Remote Code Execution

Tobesoft XPlatform ActiveX Control

CVE-2020-7806

Not Defined

Remote Code Execution

Tobesoft XPlatform DLL Loader

CVE-2019-19166

Not Defined

Command Injection

TP-LINK NC200/NC210/NC220/NC230/NC250/NC260/NC450

CVE-2020-12109

Not Defined

Weak Encryption

TP-LINK NC200/NC210/NC220/NC230/NC250/NC260/NC450 Default Key

CVE-2020-12110

Not Defined

Command Injection

TP-LINK NC260/NC450

CVE-2020-12111

Not Defined

Directory Traversal

TP-LINK Omada Controller Software eap-web-3.‎2.‎6.jar

CVE-2020-12475

Not Defined

Privilege Escalation

TP-LINK TL-WA855RE Authentication Mechanism

CVE-2020-10916

Official Fix

XSS

UliCMS PackageController Uninstall

CVE-2020-12703

Official Fix

XSS

UliCMS PageController Stored

CVE-2020-12704

Not Defined

Privilege Escalation

UniFi Cloud Key Serial Interface

CVE-2020-8157

Official Fix

Privilege Escalation

vBulletin Access Control

CVE-2020-12720

Not Defined

Information Disclosure

WAVLINK WL-WN530HG4 ExportALLSettings.sh

CVE-2020-10973

Not Defined

Information Disclosure

WAVLINK WL-WN530HG4

CVE-2020-10972

Not Defined

Information Disclosure

WAVLINK WL-WN579G3/WL-WN575A3 Backup Config

CVE-2020-10974

Not Defined

Privilege Escalation

WAVLINK WL-WN579G3/WL-WN575A3/WL-WN530HG4 adm.cgi

CVE-2020-10971

Not Defined

SQL Injection

wp-advanced-search Plugin Import

CVE-2020-12104

Not Defined

XML External Entity

WSO2 API Manager Management Console

CVE-2020-12719

Official Fix

Directory Traversal

Zoho ManageEngine Desktop Central ZIP Archive Extraction

CVE-2020-10859

Not Defined

Information Disclosure

Zoho ManageEngine ManageEngine OpManager

CVE-2020-12116

Official Fix

Privilege Escalation

Zoom MSI Installer

CVE-2020-11443
 

بیش‌تر آسیب‌پذیری‌های هفته طبق استاندارد CVSS، «خطرناک» ارزیابی شده‌اند.

 

 

همچنین بیش‌ترین نوع آسیب‌پذیری‌ هفته،  ارتقاء امتیاز (۲۱%) بود.

 

نهایتاً برای ۴۹% آسیب‌پذیری‌‌های هفته، به‌روزرسانی‌ها و یا وصله‌هایی رسماً ارائه شده که برای جلوگیری از سوءاستفاده از آسیب‌پذیری‌ها بهتر است سریعاً اعمال شوند.